diff options
| author | Ole Mathias Aa. Heggem <olemathias.aa.heggem@gmail.com> | 2020-04-11 01:06:20 +0200 |
|---|---|---|
| committer | Ole Mathias Aa. Heggem <olemathias.aa.heggem@gmail.com> | 2020-04-11 01:06:20 +0200 |
| commit | f5da0d943401e527f5162e9c6344deb65b19b045 (patch) | |
| tree | 6cecbe12d4f16ce85d4efb8a7a124476d38d52dd /examples/tg19/netconf/s1.cna.conf | |
| parent | 38cc638f11c07fdb3d48f7b9ba7e66a2b0faafb6 (diff) | |
Diffstat (limited to 'examples/tg19/netconf/s1.cna.conf')
| -rw-r--r-- | examples/tg19/netconf/s1.cna.conf | 338 |
1 files changed, 338 insertions, 0 deletions
diff --git a/examples/tg19/netconf/s1.cna.conf b/examples/tg19/netconf/s1.cna.conf new file mode 100644 index 0000000..847bc93 --- /dev/null +++ b/examples/tg19/netconf/s1.cna.conf @@ -0,0 +1,338 @@ +## Last changed: 2019-04-16 20:56:00 CEST +version 15.1R6.7; +system { + host-name s1.cna; + auto-snapshot; + domain-name tg19.gathering.org; + time-zone Europe/Oslo; + authentication-order tacplus; + root-authentication { + encrypted-password "<removed>"; + } + name-server { + 2a06:5841:a:103::62; + 2a06:5841:a:104::126; + } + tacplus-server { + 134.90.150.164 secret "<removed>"; + } + login { + user technet { + uid 2000; + class super-user; + authentication { + encrypted-password "<removed>"; + } + } + } + services { + ssh { + root-login deny; + no-tcp-forwarding; + protocol-version v2; + client-alive-count-max 2; + client-alive-interval 300; + connection-limit 50; + rate-limit 5; + } + netconf { + ssh { + port 830; + } + } + } + syslog { + user * { + any emergency; + } + host log.tg19.gathering.org { + any warning; + authorization info; + daemon warning; + user warning; + change-log any; + interactive-commands any; + match "!(.*License.*)"; + allow-duplicates; + facility-override local7; + explicit-priority; + } + /* Local logging of syslog message */ + file messages { + any notice; + authorization info; + } + /* Local logging of all user-commands typed in the CLI */ + file interactive-commands { + interactive-commands any; + match "UI_CMDLINE_READ_LINE|UI_COMMIT_COMPLETED"; + } + } + /* Save changes to central site */ + archival { + configuration { + transfer-on-commit; + archive-sites { + "scp://user@host/some/folder/" password "<removed>"; + } + } + } + commit synchronize; + ntp { + /* ntp.uio.no */ + server 2001:700:100:2::6; + } +} +chassis { + aggregated-devices { + ethernet { + device-count 2; + } + } + alarm { + management-ethernet { + link-down ignore; + } + } +} +security { + ssh-known-hosts { + host <removed> { + ecdsa-sha2-nistp256-key <removed>; + } + } +} +interfaces { + interface-range all-ports { + member ge-*/*/*; + member xe-*/*/*; + member et-*/*/*; + } + interface-range edge-ports { + member-range ge-0/0/0 to ge-0/0/43; + description Clients; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members clients; + } + } + } + } + interface-range uplink-ports { + member-range ge-0/0/46 to ge-0/0/47; + description "G: r1.ring"; + ether-options { + 802.3ad ae0; + } + } + interface-range unused-ports { + member-range ge-0/0/44 to ge-0/0/45; + description not-in-use; + } + ae0 { + description "B: r1.ring"; + aggregated-ether-options { + lacp { + active; + } + } + unit 0 { + family ethernet-switching { + port-mode trunk; + vlan { + members [ clients mgmt ]; + } + } + } + } + lo0 { + unit 0 { + family inet { + filter { + input mgmt-v4; + } + address 127.0.0.1/32; + } + family inet6 { + filter { + input mgmt-v6; + } + address ::1/128; + } + } + } + vlan { + unit 666 { + description "Switch mgmt"; + family inet { + filter { + input mgmt-v4; + } + address 88.92.2.70/26; + } + family inet6 { + filter { + input mgmt-v6; + } + address 2a06:5841:d:b::70/64; + } + } + } +} +snmp { + contact NOC; + community <removed> { + authorization read-only; + client-list-name mgmt; + } +} +routing-options { + rib inet.0 { + static { + route 0.0.0.0/0 next-hop 88.92.2.65; + } + } + rib inet6.0 { + static { + route ::/0 next-hop 2a06:5841:d:b::1; + } + } +} +protocols { + sflow { + sample-rate { + ingress 10000; + egress 10000; + } + collector <removed>; + interfaces all-ports; + } + igmp-snooping { + vlan all { + version 3; + immediate-leave; + } + } + mld-snooping { + vlan all { + version 2; + immediate-leave; + } + } + rstp { + bridge-priority 32k; + interface edge-ports { + edge; + no-root-port; + } + } + lldp { + interface uplink-ports; + } +} +policy-options { + prefix-list mgmt-v4 { + } + prefix-list mgmt-v6 { + } + /* Merged separate v4- og v6-lister */ + prefix-list mgmt { + apply-path "policy-options prefix-list <mgmt-v*> <*>"; + } +} +firewall { + family inet { + filter mgmt-v4 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v4; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then { + discard; + } + } + term accept-all { + then accept; + } + } + } + family inet6 { + filter mgmt-v6 { + term accept-ssh { + from { + source-prefix-list { + mgmt-v6; + } + destination-port 22; + } + then accept; + } + term discard-ssh { + from { + destination-port 22; + } + then discard; + } + term accept-all { + then accept; + } + } + } +} +ethernet-switching-options { + secure-access-port { + interface edge-ports { + no-dhcp-trusted; + } + vlan clients { + arp-inspection; + examine-dhcp; + inactive: examine-dhcpv6; + inactive: neighbor-discovery-inspection; + ip-source-guard; + inactive: ipv6-source-guard; + dhcp-option82 { + circuit-id { + use-vlan-id; + } + } + no-option-37; + inactive: dhcpv6-option18 { + use-option-82; + } + } + inactive: ipv6-source-guard-sessions { + max-number 128; + } + } + storm-control { + action-shutdown; + interface edge-ports { + bandwidth 5000; + multicast; + } + } +} +vlans { + clients { + vlan-id 114; + } + mgmt { + vlan-id 666; + l3-interface vlan.666; + } +} +poe { + interface all; +} |